-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Contrast the following two examples:
#1: time : | openssl s_client -connect www.openssl.org:443 >& /dev/null real 0m0.545s user 0m0.000s sys 0m0.000s #2: time : | openssl s_client -quiet -connect www.openssl.org:443 >& /dev/null real 0m21.255s user 0m9.500s sys 0m11.180s - ----------- Note the numerology: 21.225 - 9.5 - 11.18 = 0.545 That means that if you discount the half second it takes to actually fetch the certificate, s_client was using 100% of the cpu the whole time ... for more than 20 seconds. I cannot imagine why it loops when "-quiet" is specified and not otherwise. I cannot imagine why it loops for 20.5 seconds instead of 20.5 minutes or 20.5 hours. This is 100% reproducible chez moi, although the timings naturally vary by a little bit. (gdb) where #0 0x00007ffff7903653 in __select_nocancel () at ../sysdeps/unix/syscall-template.S:81 #1 0x0000000000434d73 in s_client_main (argc=0, argv=0x7fffffffe680) at s_client.c:1794 #2 0x00000000004039a8 in do_cmd (prog=0x990540, argc=4, argv=0x7fffffffe660) at openssl.c:470 #3 0x00000000004035b8 in main (Argc=4, Argv=0x7fffffffe660) at openssl.c:366 openssl version OpenSSL 1.1.0-dev xx XXX xxxx (latest github version) Same symptoms observed in older versions: openssl version OpenSSL 1.0.1f 6 Jan 2014 uname -a Linux asclepias 3.18.0+ #2 SMP Sun Dec 21 18:25:03 MST 2014 x86_64 x86_64 x86_64 GNU/Linux ========= Obvious workaround: Don't specify the "-quiet" option. There are other ways of dealing with the unwanted prolixity. Priority: low. Compared to actual security problems such as the nameconstraints bypass bug [openssl.org #3502] this is nothing. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBVRg/GPO9SFghczXtAQJfwxAAzbmfw1gCJYNCoxgI0kVX1davQ2tqq9Pv eC5rVzyrh3+ii/PlvgojjOi9KR4o/nOUoy7CzVKTyidG5PTM1J8nNrCrl2H48vic iv6fNVsLxcibPGs7+De2SqZkiJXl2JvgCZuLACljxq39SrKK0SpNKWqM8DyQrnes 3Mfim3vEcPMHj5lrFTWvVP/tT+/aslW1WGHLuh5kh9KHLBoQQCH2kenVD4Rrxz+F pa5PjRVf7rPQEfaFWKBZ2WLwStelp1ZriJN1TxEXPqWqZsWlUnKwJUhZZaAnBdUt z4Vj9MhgQDPMnyWDy8sVb/5BAyiMoTL6/DJfm949tn3rsef6UHtCu3iHg+GRDTVP AQ6I8TmGnQMpXGTQnmLA5fyHrmGlSbcdmcSDQaIA1noKuWyORT4/CBNMftt+A5gV MuWrSdZg4/l1Tkon4712v3yucg9r2WSMbz5hEGxw99MVd7Kk27OHfSYrDowYvjKC vwBtABvXTmsR387pkcTDpuRU8Ayk/OXM1cbkuK7Vsadr2sfcwvi6iuL02NVDITwQ XyksioIKPf76pXJt5aUOwjnVdRN0XN67LdHSSBZlmjEImUYQxswmZDuWZbdm/ECr 5Ahxeij8wkNZUKDCMCa2HScbQGlx9YveI+jDs2m5pB40lDcSWTqm+FmHtCVImi++ 0atbpVOZanc= =oaVD -----END PGP SIGNATURE----- _______________________________________________ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev